
CS 5950 - Computer Security and Information Assurance — Fall 2009

Course Outline

Prof. Leszek Lilien

Department of Computer Science

Western Michigan University

 

Class Web Pages:

Syllabus - main page: index.htm

Detailed course outline (this page): outline.htm

Announcements and slides: announcements+slides.htm

 

The following list of lecture topics is based on the table of contents of the textbook: Security in Computing, Fourth Edition, by Pfleeger and Pfleeger, Prentice Hall, 2007, ISBN 0-13-239077-9.


I.   We'll cover the following issues (numbers are Chapter numbers):

 

1. Is There a Security Problem in Computing?
What Does “Secure” Mean? Attacks. The Meaning of Computer Security. Computer Criminals. Methods of Defense.


2. Elementary Cryptography.
Terminology and Background. Substitution Ciphers. Transposition (Permutations). Making “Good” Encryption Algorithms. The Data Encryption Standard (DES). The AES Encryption Algorithm. Public Key Encryption. The Uses of Encryption.

 

      Chapter 7 will be covered out-of-sequence to facilitate running lab exercises.

7. Security in Networks.

Note: Despite the short list of chapter topics, we'll spend about 30% of lecture time in this area.

Network Concepts. Threats in Networks. Network Security Controls. Firewalls. Intrusion Detection Systems. Secure E-Mail.


3. Program Security.
Secure Programs. Nonmalicious Program Errors. Viruses and Other Malicious Code. Targeted Malicious Code. Controls Against Program Threats.

 

If time permits: 4. Protection in General-Purpose Operating Systems.
Protected Objects and Methods of Protection. Memory and Address Protection. Control of Access to General Objects. File Protection Mechanisms. User Authentication. Summary of Security for Users.

 

If time permits: 6. Database and Data Mining Security.
Introduction to Databases. Security Requirements. Reliability and Integrity. Sensitive Data. Inference. Multilevel Databases. Proposals for Multilevel Security. Data Mining.

 


II.   We'll cover only the major selected topics/issues from:


10. Privacy in Computing

Privacy Concepts. Privacy Principles and Policies. Authentication and Privacy. Data Mining. Privacy on the Web. E-mail Security. Impacts on Emerging Technologies.

 

 

11. Legal and Ethical Issues in Computer Security.
Protecting Programs and Data. Information and the Law. Rights of Employees and Employers. Redress for Software Failures. Computer Crime. Ethical Issues in Computer Security. Case Studies of Ethics.


III.   We will not cover:


5. Designing Trusted Operating Systems.
What Is a Trusted System? Security Policies. Models of Security. Trusted Operating System Design. Assurance in Trusted Operating Systems.

 

8. Administering Security.
Security Planning. Risk Analysis. Organizational Security Policies. Physical Security.

 

9. The Economics of Cybersecurity

Making a Business Case. Quantifying Security. Modeling Cybersecurity.

 

12. Cryptography Explained

Mathematics for Cryptography. Symmetric Encryption. Public Key Encryption Systems. Quantum Cryptography.


==================

 

 

© 2007-2009 by Leszek T. Lilien. Last updated on 8/28/09